[PATCH] Implement multiple DNS forwarders in internal DNS

Garming Sam garming at catalyst.net.nz
Mon Apr 18 05:11:34 UTC 2016


Hi,

I've modified the "dns forwarder" parameter to allow for a list of DNS
forwarders, allowing secondary forwarders to be added in case of
failure. The implementation is just a trivial fallback, restarting the
entire request over with the next forwarder on the list. Since the DNS
server doesn't remember who is dead, or skip the additional time delay,
this mostly avoids just the case where things stop working without a
forwarder. Previously, there hasn't been any code to test even
single forwarders explicitly, so Douglas and I have added a few of those
along with trying to test multiple forwarders (which is done with a
little echo-ing CNAME DNS server which controls responses and delays).

While looking into the behaviour of CNAMEs and forwarding, I've added
some notes/tests to describe some of the existing behaviour. What I've
found is that unlike Windows:

  * CNAMEs returned from a forwarder are never resolved any further.
    This happens regardless of whether or not the original incoming
    request was forwarded, or a request in a CNAME chain was forwarded.
    While this is different from Windows, it does mitigate some issues
    with actually implementing the behaviour and should restrict loops
    to only those self-imposed.

  * CNAME chains don't return intermediate results if they fail at
    some point in the chain. With the current implementation of the
    multiple forwarders, we would also appear to return 'too many'
    intermediate results in the case that some forwarder dies and the
    failing CNAME resolution route is always recorded. Whether or not
    this is desirable behaviour is questionable, but the RFCs generally
    say 'all' intermediate resolutions should be returned.



Any thoughts are welcome. Otherwise, please review and push.

http://git.catalyst.net.nz/gitweb?p=samba.git;a=shortlog;h=refs/heads/dns-forwarder-review
git://git.catalyst.net.nz/samba.git    dns-forwarder-review



Cheers,

Garming
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dns-forwarder.patch
Type: text/x-diff
Size: 54753 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160418/2d4833a8/dns-forwarder.diff>
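The fallback described in the message, sketched in Python as an added example (not Samba's code and not part of the original post): the request is restarted with the next forwarder on failure and nothing is remembered between queries, so a dead first forwarder costs its full timeout every time. The names `start_forwarder` and `forward`, the loopback stand-ins, the 0.3 s timeout and the transaction-ID check are assumptions of this example.

```python
import socket
import threading

def start_forwarder(respond):
    """Constructed stand-in for an upstream forwarder: a loopback UDP socket
    that echoes each query back, or stays silent to simulate a dead server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def loop():
        while True:
            data, peer = srv.recvfrom(512)
            if respond:
                srv.sendto(data, peer)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()

def forward(query, forwarders, timeout=0.3):
    """Restart the whole request with the next forwarder after each failure.
    No state survives the call, so a dead first entry costs `timeout` on
    every query. Returns (reply or None, forwarders tried)."""
    tried = []
    for addr in forwarders:
        tried.append(addr)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect(addr)  # connected UDP: datagrams from other peers are dropped
            try:
                s.send(query)
                reply = s.recv(512)
            except OSError:  # timeout, or ICMP port unreachable
                continue
        # Example's own check: accept only a reply carrying the query's 16-bit ID.
        if reply[:2] == query[:2]:
            return reply, tried
    return None, tried

if __name__ == "__main__":
    dead, live = start_forwarder(False), start_forwarder(True)
    query = b"\x12\x34" + b"constructed-query"  # constructed bytes, not a real DNS message
    for attempt in (1, 2):
        reply, tried = forward(query, [dead, live])
        print(attempt, "answered" if reply else "failed", "after trying", len(tried))
```

Both attempts walk the full list, which is the repeated delay the message says the server does not skip.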

